limit connection per time

[xbaha]

hi,
i was able to limit concurrent connection per IP.
but this might cause problem and effect good traffic.

the problem i am facing is, when a client is requesting a page through GET, it's served from the cache, there is no PHP code involved. so i don't care even if i am even brute forced with this method.
but if the same page is requested with POST (regardless good or bad traffic), it's always served fresh. so when bad traffic comes, it max the CPU.

what i am looking for is to limit concurrent POST connections per IP,
is this possible ?

thank you.

[ForumAdmin]

Not with an iptables firewall, no. That is something you would have to do using something like ModSecurity.

[xbaha]

so i tried to set max connection limit for each ip...
got this error????

csf: FASTSTART loading csf.allow (IPv4)
Error: csf: Incorrect CONNLIMIT setting: [15], at line 2047
...Done.


root@srv [~]# /etc/csf/csftestdotpl
Testing ip_tables/iptable_filter...OK
Testing ipt_LOG...OK
Testing ipt_multiport/xt_multiport...OK
Testing ipt_REJECT...OK
Testing ipt_state/xt_state...OK
Testing ipt_limit/xt_limit...OK
Testing ipt_recent...OK
Testing xt_connlimit...OK
Testing ipt_owner/xt_owner...OK
Testing iptable_nat/ipt_REDIRECT...OK
Testing iptable_nat/ipt_DNAT...OK

RESULT: csf should function on this server
root@srv [~]#

[martinp]

Read the readme http://download.configserver.com/csf/readme.txt on how to configure that setting.